
Computech Audit Consulting Services

Computech uses various Methodologies, Standards and Best Current Practices in delivering Quality Services to its Customers.

Computech has strong experience providing a wide range of Audit, Compliance, Security, PCI and SOX Consulting Services.  Our subject matter experts have extensive experience in systems integration, auditing, or both, and have worked on commercial and government projects.

IT General Controls Audit
Computech will audit and report that the controls are functioning as intended within the critical areas of its system operations. The focus of the audit will target Network Security, Operating System (Windows, Linux, UNIX, and Mainframe) Security Configurations, Database Security, Software Change Control, System Operations, Backup/Recovery and Disaster Recovery. The scope of this audit will be customized to the client’s needs and address the organization’s specific risks and budget constraints.

Application Audit
Computech will audit and report on whether the controls are built into the application to ensure integrity of the data, recovery and overall preservation of system processing.

SDLC Audits
Computech will perform the Systems Development Life Cycle Audit to provide organizations the assurance that development projects abide by the requirements of their SDLC methodology.  Real development projects are selected as part of compliance testing to ensure that key deliverables of the SDLC phases have been established.

Outsourcing Audits

Computech can perform outsourcing audits for technology services that have been outsourced and provide reports on the compliance of Service Level Agreements, identify problems that have not been addressed as part of the outsourcing service agreement and review outsourced contracts for compliance. Computech can perform this audit as a pre-implementation review making sure that the critical controls are included and reviewed before the outsourcing agreement is executed.

Database Audits
Computech will review, analyze and audit database activity including database security, access and usage, data creation, change or deletion. Our auditors will perform transparent system-level and data-change auditing of any existing applications without requiring any changes to be made in those applications. Computech Database Security Assessment service provides a comprehensive and detailed security review of database architectures and configurations, including:

  1. Network architecture review
  2. Service and protocol analysis
  3. Review of operating system security
  4. Use of encryption – both in databases, and across communication channels
  5. User authentication
  6. User and group management
  7. User and group authorization and access control
  8. Query implementations – use of stored procedures and parameterized queries
  9. Database architecture
  10. Database security auditing and monitoring

Computech consultants will provide both summary and analytical reports that will help identify which processes and users are hogging system resources. Our team will also provide audit trail details that are unavailable from native database audit utilities. We will provide totally transparent system-level and data-change auditing of any existing applications without requiring any changes to be made in those applications.

Vulnerability Assessment and Penetration Testing
Computech will test and assess the security of the Client’s network and systems from Internet based attacks. Computech audit experts use several tools to perform their Internet Vulnerability Assessment and Penetration Testing.  Computech will identify all known vulnerabilities that exist within the network and perform penetration tests to assess the extent of the vulnerability.  We will provide executive as well as detailed reports as required by the client. The detailed findings and action items that describe the vulnerabilities discovered, their impact and how to fix each one are also included in the report.

Certification and Accreditation
Computech will support clients with Certification and Accreditation. Computech can provide a comprehensive evaluation of the technical and non-technical security features of an IT system and other safeguards, made in support of the accreditation process, to establish the extent to which a particular design and implementation meets a set of specified security requirements. Computech will also provide Accreditation services; accreditation is a formal declaration that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.

When performing a C&A, Computech will evaluate the entire information system including the operating environment, the systems, the networking components, hardware, software, even firmware. This must be a repeatable process that addresses security threats and vulnerabilities with the appropriate combination of security measures. C&A lasts throughout the system’s entire life cycle, from creation to maintenance until system decommission. Computech C&A experts have strong experience in the DoD Information Technology Security Certification and Accreditation Process (DITSCAP), which consists of four phases: Definition, Verification, Validation and Post Accreditation.

SAS 70 Reporting (Type I and Type II)
Computech consultants identify control objectives and related control activities, prepare the client’s description of controls (perform preliminary assessment of controls), perform risk assessments, and document the information and communication process.

ERP Assessments
Computech can perform Pre- and Post-Implementation reviews, Security Analysis, ERP Infrastructure (OS and Database) analysis and Risk and Security assessments (Policy & Standards, System Configuration, Source Code, Attack & Penetration) and recommend countermeasures.

Regulatory Compliance
Computech consultants have strong expertise and experience in performing Regulatory Compliance Audits such as Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Federal Information System Controls Audit Manual (FISCAM), Federal Information Security Management Act (FISMA), Network Information Security and Technology (NIST), Sarbanes-Oxley (SOX) Audits and more.
